
"To Protect and Infect" - the edges of privacy-invading technology



On Tue, Dec 31, 2013 at 06:14:56AM +0100, Hannes Frederic Sowa wrote:
> On Mon, Dec 30, 2013 at 08:56:57PM -0500, [email protected] wrote:
> >   This talk is divided into two parts.  Morgan Marquis-Boire and Claudio 
> > Guarnieri talking about the militarization of the internet in part one, 
> > including both targeted and dragnet surveillance in deep-packet 
> > inspection.  (See also Citizen Labs' work on BlueCoat).  In part two, 
> > Jake Appelbaum talks about some of the most hardcore and cutting-edge 
> > NSA surveillance tactics and equipment.  (See also yesterday's Der 
> > Spiegel articles).
> > 
> > Part 1: http://www.youtube.com/watch?v=XZYo9TPyNko
> > 
> > Part 2: https://www.youtube.com/watch?v=b0w36GAyZIA
> 
> Actually, somehow, I have a feeling of relief to see that major hardware
> vendors don't seem to specifically work hand in hand with the NSA to
> implement backdoors. I don't see that having a JTAG connector publicly
> accessible on a RAID controller as a hint for that. The other disclosures
> also point to my conclusion that the NSA is mostly working on their
> own. Of course, not all of Snowden's documents are released yet and
> hence my feeling could be deceiving.

Also:

From the talk I got the impression that attacks on iPhones always seem
to work. The slide from Der Spiegel shows that this infection only works
via a close access method and a remote infection path would be available in the
future (the slide is from 2008, but we don't know if this actually exists
now):
http://www.spiegel.de/static/happ/netzwelt/2014/na/v1/pub/img/Handy/S3222_DROPOUTJEEP.jpg

I guess the slide got accidentally chopped off in the talk or am I missing
something?

The UDP+RC6 story does not make sense to me, either (how could they know
about the encryption algorithm if they didn't dissect the actual bytes). I
also don't believe that the current state of TLS would help much in preventing
those redirection attacks.

Greetings,

  Hannes